
public function OAuth2ServerTestCase::testCryptoTokens in OAuth2 Server 7

Tests crypto tokens.

File

tests/oauth2_server.test, line 587
OAuth2 tests.

Class

OAuth2ServerTestCase
Test basic API.

Code

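/**
 * Tests crypto tokens.
 *
 * Turns on the 'use_crypto_tokens' setting for the 'test' server, requests a
 * token through the password grant, and checks that the returned access token
 * is a three-segment JWT whose signature verifies against $this->public_key.
 */
public function testCryptoTokens() {

  // Enable crypto tokens.
  $server = oauth2_server_load('test');
  $server->settings['use_crypto_tokens'] = TRUE;
  $server->save();

  $result = $this->passwordGrantRequest();
  $this->assertEqual($result->code, 200, 'The token request completed successfully');
  $response = json_decode($result->data);

  // The refresh token is contained inside the crypto token.
  $this->assertTokenResponse($response, FALSE);

  // Stays FALSE unless the token has the JWT shape AND its signature checks
  // out, so a malformed token fails the final assertion.
  $verified = FALSE;
  if (substr_count($response->access_token, '.') === 2) {

    // Verify the JWT access token following the instructions from
    // http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens
    list($header, $payload, $signature) = explode('.', $response->access_token);

    // The signature is "url safe base64 encoded": map '-' and '_' back to the
    // standard alphabet before decoding. (The previous from-list also held a
    // ',' with no counterpart in the to-list, which strtr() silently ignored.)
    $signature = base64_decode(strtr($signature, '-_', '+/'));
    $payload_to_verify = utf8_decode($header . '.' . $payload);

    // openssl_verify() returns 1 for a valid signature, 0 for an invalid one
    // and -1 (or FALSE) on error. Only an exact 1 may count as verified:
    // a bare truthiness check would accept the -1 error result as success.
    // The digest is fixed to 'sha256' here rather than read from the token
    // header, so the token cannot choose how it is verified.
    $verified = openssl_verify($payload_to_verify, $signature, $this->public_key, 'sha256') === 1;
  }
  $this->assertTrue($verified, 'The JWT Access Token is valid.');
}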